Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

NSAllowsArbitraryLoads not working for ip address

I am trying to get my app to connect to an http server at 152.111.198.244 through the Apple Transport Security. And nothing I'm trying works.

Adding the NSAllowsArbitraryLoads key to the info.plist file of my project still did not allow my app to connect to this specific ip address 152.111.198.244 I have gone through the technote on Apple Transport Security. I installed OSX 10.11 to try and find what settings might work for the URL using

nscurl --ats-diagnostics http://152.111.198.244

and

nscurl --ats-diagnostics http://152.111.198.244/publications/

in the terminal. All settings that nscurl tries fail. I have looked at similar questions NSAllowsArbitraryLoads not working and NSExceptionAllowsInsecureHTTPLoads not working for ip addresses and have not found the solution. I also looked here and the NSExceptionMinimumTLSVersion key proposed there doesn't work.

I am starting to think that there may be a bug somewhere, or something that I missed. Are IP addresses an issue with Apple Transport Security? Why? Is there way to make an IP address work through ATS?

UPDATE: I added in the specific ip address that is giving me trouble. Hopefully someone will be able to replicate what I'm talking about.

UPDATE: I logged this as a bug in radar and I got a message that says it's a duplicate. In the meantime, the IP address mentioned in this question has a domain name now http://3d.media24.com/ but unfortunately it has not solved the problem.

UPDATE: I marked an answer as correct. It seems that apple fixed this with XCode7.1 and that the keys for Apple Transport Security have changed a bit. The site in question has also been updated for https connections.

like image 265
simple_code Avatar asked Oct 09 '15 09:10

simple_code


People also ask

What is Nsallowsarbitraryloads?

A Boolean value indicating whether App Transport Security restrictions are disabled for all network connections.

How do I allow HTTP in Swift?

How to allow HTTP URL request for debug schema in Xcode — Swift & SwiftUI. If you need to hit the HTTP request from Xcode and above you need to specify the URL in info. plist file to allow the request. You can allow all the http request by adding arbitrary load to “YES” in info.

How to add NSExceptionDomains?

Adding a domain exception is easy. You add the NSExceptionDomains key to the NSAppTransportSecurity dictionary of the target's Info. plist. The value of the key is a dictionary with every key of the dictionary being a domain exception.

What is NSExceptionDomains?

Custom App Transport Security configurations for named domains.


1 Answers

I was able to access that URL, http://152.111.198.244, using ‘Allow Arbitrary Loads’ in my Info.plist under Xcode 7.1 and Simulator 9.1:

  • App Transport Security Settings: Dictionary
    • Allow Arbitrary Loads: Boolean = YES

Screenshot:

enter image description here

I used the following code:

let url = NSURL(string: "http://152.111.198.244")!
let task = NSURLSession.sharedSession().dataTaskWithURL(url) {(data, response, error) -> Void in
    print("response \(response!)")
}
task.resume()

Here is the response that I received:

response <NSHTTPURLResponse: 0x7fe1a2421f80> { URL: http://152.111.198.244/auth/login } { status code: 200, headers {
    "Cache-Control" = "no-cache";
    Connection = "Keep-Alive";
    "Content-Encoding" = gzip;
    "Content-Length" = 1138;
    "Content-Type" = "text/html; charset=UTF-8";
    Date = "Fri, 23 Oct 2015 09:33:59 GMT";
    "Keep-Alive" = "timeout=5, max=98";
    Server = "Apache/2.4.7 (Ubuntu)";
    "Set-Cookie" = "XSRF-TOKEN=eyJpdiI6IldBOWYxcDk3SEtMekJ3YTNSUm9mYUE9PSIsInZhbHVlIjoiTFBcL3RGWW10cjlONFFkeXY1ZDA4SWRkSURIYlFsOGE3QkFEV3hRNTVwRFJuWSt5SXN3OU55Sng4elduMHd1T1duV0VFQ1o4dDVjeDJTZGRFeXJxMjN3PT0iLCJtYWMiOiJiZjNmOTg0NTZmY2RkMGQzNmE2YWEyNjJiNzA1MDlmZjIwM2M3NWYyNjYwZjM5N2Q3ZTgxNjRjNzAzMGYzYmMzIn0%3D; expires=Fri, 23-Oct-2015 11:33:59 GMT; Max-Age=7200; path=/, laravel_session=eyJpdiI6InR5OSs3cmpObVRBbFhORnVJQjRvWFE9PSIsInZhbHVlIjoiSTJ2bk41RVVLZUR1a0xKbFwvalZXQWpsNEtWeHppUVpYVUlRM1ZjQXc5aDJxT1wvXC9uYkViaTQ0SCtGNTMrdmtiQXFOd0VJTFwvM0ZCbmFHZk5MWlwvZ3BBUT09IiwibWFjIjoiYjRmNzcxY2Q5NDFlZjYzZTI1YzU2YzI0YTkxM2M0NDg0MGY2YThiODIxOGZjOTgxYjNmM2FlZTkzZGMyZTdjOCJ9; expires=Fri, 23-Oct-2015 11:33:59 GMT; Max-Age=7200; path=/; httponly";
    Vary = "Accept-Encoding";
    "X-Powered-By" = "PHP/5.5.9-1ubuntu4.11";
} }

I was also able to connect using the named domain 3d.media24.com but not the numeric address of 152.111.198.244 using exception domains.

Screenshot:

enter image description here

My results agree with the definition for exception domains in the Apple Technote on App Transport Security:

A dictionary of exceptions for the named domain. The name of the key is the name of the domain–for example, www.apple.com.

like image 75
Daniel Zhang Avatar answered Oct 24 '22 14:10

Daniel Zhang